MAL-2026-6196 Malicious code in build-tracker-n5p1 (npm)
Source: amazon-inspector (e731775fde27ad6db493d20397b27eee9b4a6ea0bf515f9516cc974ea3e12619). Package name suggests build telemetry tooling, but the tarball ships beacon scripts (beacon18.js, beaconlinux.js) wired to a postinstall lifecycle hook...
RLSA-2026:26228 Important: hplip security update
The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP), which provides drivers for Hewlett-Packard printers and multi-function peripherals. Security Fixes: HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection...
RLSA-2026:25930 Important: postfix security update
The postfix packages provide a Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS. Security Fixes: postfix: buffer over-read via malformed enhanced status code (CVE-2026-43964). For more details about the security issues, including the impact, a CVSS score,...
RLSA-2026:26332 Important: rsync security, bug fix, and enhancement update
The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool. Security Fixes:...
RLSA-2026:26456 Important: 389-ds-base security, bug fix, and enhancement update
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fixes: 389-ds-base: 389-ds-base: unbounded LDAP controls count in...
RLSA-2026:25999 Moderate: yggdrasil-worker-package-manager security update
yggdrasil-worker-package-manager is a simple package manager yggd worker. It knows how to install and remove packages, add, remove, enable and disable repositories, and does rudimentary detection of the host it is running on to guess the package manager to use. It only installs packages that matc...
RLSA-2026:26532 Important: dracut security update
The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...
ROOT-APP-NPM-CVE-2022-24772 CVE-2022-24772 in @rootio/node-forge - Patched by Root
Root has patched CVE-2022-24772 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33894 CVE-2026-33894 in @rootio/node-forge - Patched by Root
Root has patched CVE-2026-33894 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33895 CVE-2026-33895 in @rootio/node-forge - Patched by Root
Root has patched CVE-2026-33895 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33896 CVE-2026-33896 in @rootio/node-forge - Patched by Root
Root has patched CVE-2026-33896 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-66030 CVE-2025-66030 in @rootio/node-forge - Patched by Root
Root has patched CVE-2025-66030 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2020-7720 CVE-2020-7720 in @rootio/node-forge - Patched by Root
Root has patched CVE-2020-7720 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2022-24771 CVE-2022-24771 in @rootio/node-forge - Patched by Root
Root has patched CVE-2022-24771 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-33891 CVE-2026-33891 in @rootio/node-forge - Patched by Root
Root has patched CVE-2026-33891 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-66031 CVE-2025-66031 in @rootio/node-forge - Patched by Root
Root has patched CVE-2025-66031 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-12816 CVE-2025-12816 in @rootio/node-forge - Patched by Root
Root has patched CVE-2025-12816 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-GHSA-WXGW-QJ99-44C2 GHSA-wxgw-qj99-44c2 in @rootio/node-forge - Patched by Root
Root has patched GHSA-wxgw-qj99-44c2 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2022-24773 CVE-2022-24773 in @rootio/node-forge - Patched by Root
Root has patched CVE-2022-24773 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2022-0122 CVE-2022-0122 in @rootio/node-forge - Patched by Root
Root has patched CVE-2022-0122 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
MAL-2026-6199 Malicious code in ts-big-ecro (npm)
Source: amazon-inspector (09cc5687efdad86354f994af9fa7d7c28fbc21d7b5b4558870aba1c05dcf425b). ts-big-ecro is a verbatim copy of the legitimate big.js library (MikeMcl/big.js v7.0.1) with its name, repository field, and copyright preserved to...
MAL-2026-6198 Malicious code in new-ecro-1 (npm)
Source: amazon-inspector (0c4e172aa83f2b8742fb014ea649490c87815573cab692ea74eb402ee23f935c). Package new-ecro-1 impersonates the legitimate big.js library by shipping its source verbatim banner, license, and homepage pointing at MikeMcl/big.j...
MAL-2026-6197 Malicious code in new-ecro (npm)
Source: amazon-inspector (7492a140547cea0957bc705d365e19806091462a249c3d5c90b6bfe91e8431c7). Package 'new-ecro' impersonates the legitimate 'big.js' library: it copies big.js's README, source, version banner 'big.js v7.0.1', author email, and...
MAL-2026-6191 Malicious code in node-slot (npm)
Source: amazon-inspector (91f23a964fca4e1984aecce2dbc51fc6bfa1ffe77725ee5f0e8d2f7a5c5514d8). node-slot 1.0.7 contacts https://datasecure-service.vercel.app/api/v1 to retrieve scan and block patterns, then walks the user's home directory or...
MAL-2026-6193 Malicious code in ordered-btree (npm)
Source: amazon-inspector (3a7b579313f4d78d1b99c88ed3fc22c295458981099a80f09f8408ca2bbb2ac4). Package impersonates the legitimate sorted-btree library (matching name, README, and attributed author) and ships a hidden remote-code-execution payloa...
MAL-2026-6183 Malicious code in @mep-exp/api-tools (npm)
Source: amazon-inspector (322089c1a58142401c82621aa778cdb7221086196cce6c879a703625b7013555). preinstall.js, registered as scripts.preinstall and also required from the main module and every bin entry, collects os.hostname, os.userInfo.usernam...
MAL-2026-6184 Malicious code in @qlab/component-intelligence (npm)
Source: amazon-inspector (9ad49caeee790003270d74c5b17a58d0cef6f04d881efe83b0f6c7e11515e934). package.json declares a preinstall hook ("preinstall": "node index.js") that fires automatically on npm install. index.js requires os, dns, https,...
MAL-2026-6192 Malicious code in nodepathbalance54 (npm)
Source: amazon-inspector (d5ade836e7f92049242a01dbc0782900900c4e28eb7e08f9d9ebc611aab80762). nodepathbalance54 exports a single function nodeaxionweb whose implementation is hidden inside a hand-rolled stack-based JavaScript VM in index.js...
MAL-2026-6185 Malicious code in conversa-sdk (npm)
Source: amazon-inspector (baaff1de63d44fd5f6b4fb1c5d3ebb4e9509d7581ff9afa5f339acad8f57aed0). On npm install, postinstall.js unconditionally reads the installer's /.npmrc which typically contains //registry.npmjs.org/:authToken=... along with...
MAL-2026-6186 Malicious code in electron-internal-utils (npm)
Source: amazon-inspector (e07ff16a8f4a44a8ccfc2f6f2a91eee6dbd3d1de9f1c4d6ca95e0e48999202ef). On npm install, package.json's postinstall script executes curl http://9ph8dp.ceye.io, an out-of-band DNS/HTTP interaction service controlled by the...
MAL-2026-6189 Malicious code in eyee (npm)
Source: amazon-inspector (743696e9409c97e89816b050f0346b86446464fdbaeead6ae49ddabf50a082ba). On require/run, eyee auto-executes main package.json sets main=cdpinject.js and the bottom of the file invokes main unless --stop/--detach is passed...
MAL-2026-6194 Malicious code in portloop (npm)
Source: amazon-inspector (e745a79c5fb952105d93cc5d5f37bc77af9cc08d9a021f09a12d26416a29de3c). On default invocation (e.g., npx portloop with no flags), the CLI runs in daemon+quiet+respawn mode and POSTs id, hostname, host, url, port, user to a...
MAL-2026-6195 Malicious code in ts-linter-builders (npm)
Source: amazon-inspector (a22153f1e71ba9fb51ce22d5fc57180ce4d8998995fbc4bd554d6dd532c195b6). index.js imports child_process and contains a hardcoded outbound POST to https://tg-wallet-manager.vercel.app, with additional fetch calls to the same...
MAL-2026-6188 Malicious code in eslint-helper-1 (npm)
Source: amazon-inspector (cfadd6e70cf70ee03d7aae8bfcaa916d29073c5e09ca614bfcb4538c3efc1832). Package masquerades as an ESLint helper but contains code in index.js that decodes base64 blobs through Buffer.from(..., 'base64').toString() and pipes t...
MAL-2026-6190 Malicious code in mjs-eslint-helper (npm)
Source: amazon-inspector (3320fa37492448acdf24a86f8a8735a3fc4d3b329ad156e299a8089df39e2f28). The package decodes base64 string literals via Buffer.from(..., 'base64').toString() and pipes the resulting content into execSync('bash...') and...
MAL-2026-6187 Malicious code in eslint-helper (npm)
Source: amazon-inspector (5802f88a31cfb1c54196395aa04377de1c98657cdd78f59e4a595f2913239301). Package masquerades as an ESLint utility but contains no lint-related code. The exported fromstr recursively walks process.cwd() searching for...
CGA-QPQR-6VCG-2G85
Bulletin has no description...
MAL-2026-6182 Malicious code in fluent-panel-metrics (PyPI)
Source: amazon-inspector (95598f66d3e0a4ecbfe9dcd01c1d5f0be9b78bee23b200758a92dac8f8a00d9e). fluentpanelmetrics/init.py defines bootstrapruntimeprofile and invokes it unconditionally at module load. The function opens a TCP socket to the...
CGA-XHPH-HJ6Q-JQVX
Bulletin has no description...
CGA-77J6-8CMC-Q4XV
Bulletin has no description...
RLSA-2026:26590 Important: xorg-x11-server-Xwayland security, bug fix, and enhancement update
Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch (CVE-2026-50256); xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server:...
RLSA-2026:26533 Important: dracut security update
The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...
RLSA-2026:26610 Important: xorg-x11-server security, bug fix, and enhancement update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution du...
RLSA-2026:26709 Important: xorg-x11-server security, bug fix, and enhancement update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution du...
RLSA-2026:26459 Important: 389-ds:1.4 security update
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fixes: 389-ds-base: 389-ds-base: unbounded LDAP controls count in...
RLSA-2026:26562 Important: xorg-x11-server-Xwayland security, bug fix, and enhancement update
Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch (CVE-2026-50256); xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server:...
RLSA-2026:26427 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: mptcp: fix slab-use-after-free in __inet_lookup_established (CVE-2026-31669); kernel: xen/privcmd: fix double free via VMA splitting (CVE-2026-31787); kernel: Buffer overflow in...
RLSA-2026:26534 Important: dracut security update
The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...
UBUNTU-CVE-2026-55202
Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly v...
UBUNTU-CVE-2026-44688
In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed...